summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--custom/tinc/laeradhr.nix5
-rw-r--r--custom/tinc/yggdrasil.nix5
-rw-r--r--hel.nix4
-rw-r--r--ymir.nix4
4 files changed, 14 insertions, 4 deletions
diff --git a/custom/tinc/laeradhr.nix b/custom/tinc/laeradhr.nix
index b40e3d2a..abf309f0 100644
--- a/custom/tinc/laeradhr.nix
+++ b/custom/tinc/laeradhr.nix
@@ -4,6 +4,7 @@
4, name 4, name
5, connect ? true 5, connect ? true
6, ipConf ? {} 6, ipConf ? {}
7, useDNS ? true
7}: 8}:
8 9
9 10
@@ -19,10 +20,10 @@ in {
19 tinc-up = '' 20 tinc-up = ''
20 #!${stdenv.shell} 21 #!${stdenv.shell}
21 ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999 22 ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
22 ${openresolv}/bin/resolvconf -m 0 -a tinc.laeradhr <<EOF 23 ${if useDNS then ''${openresolv}/bin/resolvconf -m 0 -a tinc.laeradhr <<EOF
23 domain yggdrasil 24 domain yggdrasil
24 nameserver 10.141.1.1 25 nameserver 10.141.1.1
25 EOF 26 EOF'' else ""}
26 ''; 27 '';
27 tinc-down = '' 28 tinc-down = ''
28 #!${stdenv.shell} 29 #!${stdenv.shell}
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix
index 7c028824..53b8b85e 100644
--- a/custom/tinc/yggdrasil.nix
+++ b/custom/tinc/yggdrasil.nix
@@ -4,6 +4,7 @@
4, name 4, name
5, connect ? true 5, connect ? true
6, ipConf ? {} 6, ipConf ? {}
7, useDNS ? true
7}: 8}:
8 9
9 10
@@ -22,10 +23,10 @@ in {
22 tinc-up = '' 23 tinc-up = ''
23 #!${stdenv.shell} 24 #!${stdenv.shell}
24 ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999 25 ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
25 ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF 26 ${if useDNS then ''${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
26 domain yggdrasil 27 domain yggdrasil
27 nameserver 10.141.1.1 28 nameserver 10.141.1.1
28 EOF 29 EOF'' else ""}
29 ''; 30 '';
30 tinc-down = '' 31 tinc-down = ''
31 #!${stdenv.shell} 32 #!${stdenv.shell}
diff --git a/hel.nix b/hel.nix
index 00ccf77e..c189b723 100644
--- a/hel.nix
+++ b/hel.nix
@@ -214,6 +214,10 @@
214 smtp_sasl_password_maps = texthash:/var/db/postfix/sasl_passwd 214 smtp_sasl_password_maps = texthash:/var/db/postfix/sasl_passwd
215 smtp_cname_overrides_servername = no 215 smtp_cname_overrides_servername = no
216 smtp_always_send_ehlo = yes 216 smtp_always_send_ehlo = yes
217
218 smtp_tls_loglevel = 1
219 smtp_dns_support_level = dnssec
220 smtp_tls_security_level = dane
217 ''; 221 '';
218 }; 222 };
219 223
diff --git a/ymir.nix b/ymir.nix
index 66371833..24827e65 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -245,6 +245,7 @@ in rec {
245 inherit (pkgs) stdenv nettools openresolv; 245 inherit (pkgs) stdenv nettools openresolv;
246 name = "ymir"; 246 name = "ymir";
247 connect = false; 247 connect = false;
248 useDNS = false;
248 ipConf = { 249 ipConf = {
249 ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ]; 250 ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
250 }; 251 };
@@ -379,6 +380,9 @@ in rec {
379 #enable TLS logging to see the ciphers for outbound connections 380 #enable TLS logging to see the ciphers for outbound connections
380 smtp_tls_loglevel = 1 381 smtp_tls_loglevel = 1
381 382
383 smtp_dns_support_level = dnssec
384 smtp_tls_security_level = dane
385
382 transport_maps = regexp:${pkgs.writeText "transport" '' 386 transport_maps = regexp:${pkgs.writeText "transport" ''
383 /^gkleen[@\+]/ uucp:isaac 387 /^gkleen[@\+]/ uucp:isaac
384 /@(lists?|l)\./ mlmmj: 388 /@(lists?|l)\./ mlmmj:
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 09:45:40 +0000